dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: dev:df7e5953eb88809bb27de319b10e8d44640e8797
Branches Tags
dev:master dev:fastback-ssh
dev:installer
..
compare: dev:6c98ef8944927310ccbba4603c57e4418a14dac8
Branches Tags
dev:master dev:fastback-ssh
dev:installer

2 Commits
df7e5953eb ... 6c98ef8944

Author SHA1 Message Date
Jack O'Sullivan
6c98ef8944 Revert "nixos/home/routing-common: Move Tailscale to home routers"
Some checks failed
CI / Check, build and cache Nix flake (push) Failing after 1h15m14s
Details 
This reverts commit 7c05b6158f.
 2024-11-26 00:04:43 +00:00
Jack O'Sullivan
18981e240b nixos/nvme: Update to libnvme v1.11.1 to fix LTS kernels 2024-11-25 23:58:15 +00:00
5 changed files with 38 additions and 48 deletions
Expand all files Collapse all files

6
nixos/boxes/britway/tailscale.nix
View File

@@ -1,5 +1,6 @@
{ lib, pkgs, config, assignments, allAssignments, ... }: { lib, pkgs, config, assignments, allAssignments, ... }:
let let
inherit (lib) concatStringsSep;
inherit (lib.my.c) pubDomain; inherit (lib.my.c) pubDomain;
inherit (lib.my.c.britway) prefixes domain; inherit (lib.my.c.britway) prefixes domain;
@@ -19,6 +20,10 @@ let
}); });
}); });
advRoutes = concatStringsSep "," [
lib.my.c.home.prefixes.all.v4
lib.my.c.home.prefixes.all.v6
];
pubNameservers = [ pubNameservers = [
"1.1.1.1" "1.1.1.1"
"1.0.0.1" "1.0.0.1"
@@ -85,6 +90,7 @@ in
"--login-server=https://hs.nul.ie" "--login-server=https://hs.nul.ie"
"--netfilter-mode=off" "--netfilter-mode=off"
"--advertise-exit-node" "--advertise-exit-node"
"--advertise-routes=${advRoutes}"
"--accept-routes=false" "--accept-routes=false"
]; ];
}; };

35
nixos/boxes/home/routing-common/default.nix
View File

@@ -1,7 +1,6 @@
index: { lib, allAssignments, ... }: index: { lib, allAssignments, ... }:
let let
inherit (builtins) elemAt; inherit (builtins) elemAt;
inherit (lib) concatStringsSep;
inherit (lib.my) net mkVLAN; inherit (lib.my) net mkVLAN;
inherit (lib.my.c) pubDomain; inherit (lib.my.c) pubDomain;
inherit (lib.my.c.home) domain vlans prefixes vips routers routersPubV4; inherit (lib.my.c.home) domain vlans prefixes vips routers routersPubV4;
@@ -151,28 +150,6 @@ in
}; };
nginx.enable = true; nginx.enable = true;
tailscale =
let
advRoutes = concatStringsSep "," [
prefixes.all.v4
prefixes.all.v6
];
in
{
enable = true;
authKeyFile = config.age.secrets."tailscale-auth.key".path;
openFirewall = true;
interfaceName = "tailscale0";
extraUpFlags = [
"--operator=${config.my.user.config.name}"
"--login-server=https://hs.nul.ie"
"--netfilter-mode=off"
"--advertise-exit-node"
"--advertise-routes=${advRoutes}"
"--accept-routes=false"
];
};
}; };
networking = { inherit domain; }; networking = { inherit domain; };
@@ -304,6 +281,15 @@ in
Destination = lib.my.c.colony.prefixes.all.v4; Destination = lib.my.c.colony.prefixes.all.v4;
Gateway = allAssignments.estuary.as211024.ipv4.address; Gateway = allAssignments.estuary.as211024.ipv4.address;
} }
{
Destination = lib.my.c.tailscale.prefix.v4;
Gateway = allAssignments.britway.as211024.ipv4.address;
}
{
Destination = lib.my.c.tailscale.prefix.v6;
Gateway = allAssignments.britway.as211024.ipv6.address;
}
]; ];
} }
]; ];
@@ -330,7 +316,6 @@ in
secrets = { secrets = {
files = { files = {
"l2mesh/as211024.key" = {}; "l2mesh/as211024.key" = {};
"tailscale-auth.key" = {};
}; };
}; };
@@ -340,7 +325,7 @@ in
}; };
}; };
firewall = { firewall = {
trustedInterfaces = [ "lan-hi" "lan-lo" "tailscale0" ]; trustedInterfaces = [ "lan-hi" "lan-lo" ];
udp.allowed = [ 5353 ]; udp.allowed = [ 5353 ];
tcp.allowed = [ 5353 ]; tcp.allowed = [ 5353 ];
nat = { nat = {

7
nixos/boxes/home/routing-common/keepalived.nix
View File

@@ -61,12 +61,7 @@ in
v6Alive = pingScriptFor "v6" [ "2606:4700:4700::1111" "2001:4860:4860::8888" "2600::" ]; v6Alive = pingScriptFor "v6" [ "2606:4700:4700::1111" "2001:4860:4860::8888" "2600::" ];
}; };
vrrpInstances = { vrrpInstances = {
v4 = mkVRRP "v4" 51 // { v4 = mkVRRP "v4" 51;
extraConfig = ''
notify_master "${config.systemd.package}/bin/systemctl start tailscaled.service" root
notify_backup "${config.systemd.package}/bin/systemctl stop tailscaled.service" root
'';
};
v6 = (mkVRRP "v6" 52) // { v6 = (mkVRRP "v6" 52) // {
extraConfig = '' extraConfig = ''
notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root notify_master "${config.systemd.package}/bin/systemctl start radvd.service" root

10
nixos/modules/nvme/default.nix
View File

@@ -5,7 +5,15 @@ let
cfg = config.my.nvme; cfg = config.my.nvme;
nvme-cli = pkgs.nvme-cli.override { nvme-cli = pkgs.nvme-cli.override {
libnvme = pkgs.libnvme.overrideAttrs (o: { libnvme = pkgs.libnvme.overrideAttrs (o: rec {
# TODO: Remove when 1.11.1 releases (see https://github.com/linux-nvme/libnvme/pull/914)
version = "1.11.1";
src = pkgs.fetchFromGitHub {
owner = "linux-nvme";
repo = "libnvme";
rev = "v${version}";
hash = "sha256-CEGr7PDOVRi210XvICH8iLYDKn8S9bGruBO4tycvsT8=";
};
patches = (if (o ? patches) then o.patches else [ ]) ++ [ ./libnvme-hostconf.patch ]; patches = (if (o ? patches) then o.patches else [ ]) ++ [ ./libnvme-hostconf.patch ];
}); });
}; };

28
secrets/tailscale-auth.key.age
View File

@@ -1,18 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyBtay96 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IERMTWVGZyByYlJn
encxaVJmQWhqenRmVjZkdDVFdnNINENTT0RLUGxsUkdoK1pvMjBjCjUycDh3ZTAr aERLcEhadS9jVUlyUmgxWEk5K0U2cE9WUlhCc0ZXbzhDRnZLTERvCmo2Vy9XeFhq
QnN5MkdaY1ozR1pRNGVVL0pQZWtYMXd0dlo3cnNiQWhjSkUKLT4gc3NoLWVkMjU1 NTcwdG5PZjlDb1JIM3BYWEVzMlBFWHFmRWt2dkF2OEQ2TDQKLT4gc3NoLWVkMjU1
MTkgWk5xSW9nIDIvNFZURjZQeW4wRkpqZS9YRXhhRFYwMmx3Mks4czJidFo3elht MTkgT0VxTXNnIHROaUlGUExERTZFaU5QL3dBcFpQVWNobGQwSEZ1YTU3NXJkekRi
ZVhBejQKTXpqUGVHcytSbENoc3hQZ01wcXBQMklMNU1XTnp4TmtvenFoaGphS3Qz c0RUMGsKUHg4V0hIdFJ0aGxwOTFhaVB6MUdVWE0wUFgrMjI2am5uZlhWL09ObjhB
MAotPiBzc2gtZWQyNTUxOSBzK3FSZmcgV2J4TlhYQXVwdisyWmF1QTkzUXUvNEVt VQotPiBYMjU1MTkgTWwyQjZjcUFYQ01KUHpoajRrVkpZd0czSzVrMTZxdjVHaHRh
ZTRoM0ppQVdFZDFsUCtYbnlUUQpqWmYxYTZ3ZnFVYk5SSWN5QUt4MFlUMFFrdDUx bERCSjBqSQpYOXJibDZPM2Z6bkNCSGpMRExZT21UTzU0N0RiT2FNM0l3N1pnRkl6
MjF6b1lDbkVaMElnLzNNCi0+IHNzaC1lZDI1NTE5IE9FcU1zZyByNWNDQkRmMHlD WUJBCi0+IE0qLWdyZWFzZSB6TDVwIGRiQm0gajFFIEVqUXcKU3pEOFBqRVQ0dDZi
NFExRVk3MHhjYnREcXh2ZmVDMnNEaE5lWks2azlHTEVnCnNXQm94eTJPVk1mYmxZ REszS1h0T2FnOFF6cHBrN2xtOHdEQkIrCi0tLSBTM3EwNHhDaEo1eldDOTN5dzQz
U1RqRTE1bDVHNFY2c0VQS1QyQWx6TGRYL01HRzAKLT4gWDI1NTE5IFMrZnlnNTQ1 Q3Rpeno1K25KRU15L01wU21tczNmdlVJCqHBdFLovtLJGH9IY86pvc3xhpoLnfI/
UFdQZ0RnRUdiMkNTaXhjRnVFcUpULzJveFNyd2FGcmVJaDAKU2hzZ0NxYzU4ZEgv OVAF5RdpR9T2oNCr3oAiVURkPocYXLHnbjZhLKoj3uDoSZAE52VN9l05jhyX1wwY
VnRqNlJIRmFHSisyWWlaTGVtbDFITHljWGt2b0V3bwotPiBbNFpCbn0tZ3JlYXNl /Vfnp48kP8xfbQ==
IDxDeCBKbiBBP0ImJCBQClJBV2gwUy9ldUU0MUFPczFRTXVEeHR4akZqTEEKLS0t
IFY1Z0V5Z1Z2U0Q4alFmaFV5bnY3QjRxOTlkTWRRL0hVTlRiWWk2MWdXdVkKS8oI
z3Eyu1ZdBwLrTINoorZTBBgx8vp5iIdUevCg4dyH3WnkW/DHXZuuRGSH6xiSAroH
JI5toFkwp3ZHWcodcYNvyP7ECRBsTyuCk7aRPgnZ
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----